1. Field of the Invention
The embodiments of the invention generally relate to computer security, and, more particularly, to computer security and access control in grid computing environments.
2. Description of the Related Art
With the advent of collaborative computing and data sharing, more and more new modes of interaction have evolved resulting in the use of distributed resources for large-scale scientific research. Work within this collaborative computing environment has led to the development of grid technologies, which have become involved in scientific and enterprise computing.
In grid computing, heterogeneous resources distributed geographically are virtualized as a unified whole. Grid computing, as a result, provides enormous opportunity in terms of resource sharing, maximization of resource utilization and virtualization of resources. Grid computing has potential for the not only the scientific community, but also the enterprise information technology (IT) communities.
However, there are security issues and implications in the wide-spread use of grid computing. Because grid computing involves running of applications in diverse environments, different types of security issues arise. Issues in security in the area of grid computing can be broadly classified into system level, architectural, and interoperability issues.
System level security issues deal with the problem of running a foreign application in one's system. Architectural security issues deal with the development of a secure infrastructure for the grid system. Interoperability issues include establishing a secure infrastructure including encryption, authentication and authorization in a grid based environment.
Current grid solutions for dealing with authentication and authorization rely on a Public Key Infrastructure (PKI) where every end entity owns a X509 certificate and authentication against grid nodes are done through common PKI mechanisms with a trusted authority. However authorization is handled at a different level, usually by the means of a separate asynchronous process like grid-map files. This second process is not dynamic and is difficult to tie with the authentication process in an on demand environment where authorization can be granted and denied on demand.
U.S. Pat. No. 6,901,448, incorporated herein by reference, discloses a method for a distributed collaborative computing environment and a security protocol involving encryption processes. U.S. Pat. No. 7,028,181, incorporated herein by reference, discloses a system and method for revocation of a signature certificate in a PKI.